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SYSTEM AND METHOD FOR CIPHERING DATA 



Field of the Invention 

The invention relates to a system for decoding serial data received from a 
5 communication medium. In particular the invention relates to a system for encoding 

and/or decoding of data packets and/or fragments received serially interleaved one within 
another. 

Background of the Invention 

In the past, security of communications was provided through the use of 
„ 1 0 encryption technologies. When using encryption, data that is communicated is first 
vO mapped from its useful state to another obfuscated state wherein it is inaccessible even if 

rt : 
E £J 

\h intercepted. Before being "used," the data is mapped back to its useful state. Mapping the 
data is referred to as encoding and mapping the data back is referred to as decoding. The 

«T ! ™ 

■ *ar 

CD terms encrypting and decrypting> respectively, are also commonly used. There are many 

^15 methods of obfuscating data having varying degrees of security. Some of these include 

lf a DES, triple-DES and CAST. Often, security systems support improvements in the 

5": [ 

Q encoding algorithms used to enable enhanced security algorithms to later be adopted. 

v :f For securing communications, two common models are used, point to point level 

security and data level security. In point to point level security, two endpoints in a 

20 communication medium secure communications therebetween. For example, two radio 
transceivers for use in military applications set up a secure channel, an agreed upon 
encoding/decoding method. All data transmitted is encoded prior to transmission and all 
data is decoded upon receipt. Encoding systems used for data of this type are usually 
optimized for encoding and decoding data within a stream of data. In data level security, 

25 data is encoded into a file and that file is then transmitted. The received encoded file is 
then decoded to extract the original data. A common form of this type of encoding system 
is Pretty Good Privacy® (PGP) a commonly available software encryption package for 
personal computers. 
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A Secure Virtual Private Network (SVPN) is a secure form of a virtual private 
network (VPN). A VPN provides an appearance to users of the network of a physically 
connected network of workstations. This appearance is provided even when some 
workstations and sub-networks are disposed remotely from the core of the network. As 
5 such, a person working from home feels as if they are physically coupled to the network 
though they are not. Commonly, VPNs are implemented using a wide area network such 
as the Internet as a communication medium. A workstation is coupled to an Internet 
provider via a modem connection, the core network is coupled to the Internet through a 
gateway and the workstation communicates with the network to provide functionality as 
10 if a dedicated dial-up connection were made therebetween. 

For a user of the workstation, the connection to the Internet and the gateway is 
transparent. Thus, the term virtual in both VPN and SVPN. An SVPN also comprises 



U interception and access to sensitive data. Commonly, this means for securing data 
p 1 5 includes a processor for encrypting and decrypting data. Even if intercepted, the 
jf encrypted data is not accessible. 



In order to support data level security of SVPN communication, data is received 
at a gateway and is transferred from gateway memory to working memory where the data 
"pieces" are reassembled to form complete messages and/or transmissions. These 



k h 20 complete messages and/or transmissions are then decoded and the data then routed within 
a,y the private network to a destination. Alternatively, the data is re-encoded and transmitted 
back through the SVPN to the destination. Thus, a gateway has to support receiving data 
within a serial stream, processing the data to determine an associated data location within 
memory, transferring the incoming data to the associated location in memory and 
25 monitoring memory locations for complete messages that require decoding. This requires 
costly hardware and complicated timing to support memory transfers, serial data stream 
reception and file decoding. 

A common approach to securing data is to use a main processor within a gateway 
to perform data ciphering operations. Data ciphering includes encoding and decoding of 



means for securing data transmitted via the Internet to the gateway in order to prevent 
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dala. Once data is ciphered, operations relating to data integrity such as hashing the data 
is performed. Data to be transmitted is encrypted and hashed, with hashed data added to 
the encrypted data. Data received is verified and then decrypted. 

The processor accesses a memory buffer to read and write data before and after 
processing it. Unfortunately, data bus access is a common bottleneck in processor based 
systems. The prior art approach described above requires four memory access operations 
- writing received data to the buffer, reading the data for processing, writing the data after 
processing, and reading the data for forwarding same to a destination. Thus, even though 
a processor is often fast enough to handle the requisite processing, the bus access limits 
the overall efficiency of such a system. 

It would be advantageous to simplify the ciphering of data within a serial data 
stream when received by the gateway. 

i n orde r to o vercome iho abqx^ttmilaliuiis uf the piiui art, it is on obje c t uf the - 
invention to provide a method>*fciphering data received by a gateway, the data ciphered 
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thr inYfnfiftn tTrpr^'i'l* m flt1inr * »«»w«wiff Hntn f ftr 
area network, the data ciphered and processed for determining 



Summary of the Invention 




imvirlftri.. 



for oiphering datct ctor e d - 



25 



within a memory buffer comprising: 
an integrated processor for retrieving dataj&rtfm the memory buffer, for ciphering the 
data, and for performing operati<ms^tating to verification of data integrity, the ciphering 
and the performed operatipitfexecuted in parallel, the processor for providing processed 
data. 



In accordance with the invention there is also provided a system for ciphering data 



comprising: 



i 
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a memory buffer having a first tpdrt and a second port; 
a plurality of communicatiorfports; 

a first processor in communication with the first port of the memory buffer and the 
plurality of comnmrfication ports; 

a second pro^sor in communication with the second port of the memory buffer, the 
second ppdcessor for ciphering data within the memory buffer and for storing the data 
ciptofed data within the memory buffer, 
Mill dm cipheimg operation? Ho not nfft 




1 0 Brief Description of the Drawings 

The invention will now be described in conjunction with the following drawings 
in which: 

Fig. 1 is a simplified block diagram of a prior art ciphering system; 

Fig. 2 is a simplified block diagram of a ciphering system according to the invention; 
15 and, 

Fig. 3 is a simplified block diagram of a ciphering processor for use with the present 
|7j invention. 

*** 

O Detailed Description of the Invention 

* ? ** 
»* +■ 

3 p Referring to Fig. 1, a data ciphering system according to the prior art is shown. 

20 The data is provided as a stream of data values in the form of bits. As shown, the bits 

arrive at a first communication port 4a and arc stored in buffer memory 3 via the data bus 
2. A processor 7 determines start locations and end locations of packet fragments as the 
bits are placed within the buffer memory 3. Alternatively, this is done when bits are 
already within the buffer memory 3. Determining packet start, end, and contents are 

25 known in the art of data communications. 

When Hie beginning o f a packet is detected by the procc33or 7, Anew file williin 
the memory is created or a new portion of tjrfe memory is allocated for the packet. A 
ciphering circuit 8 then retrieves the file/from the memory buffer via the data bus 2, The 
data within the buffer memory 3 is ciphered and data integrity information is generated 
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for data integrity verification/nje-ei^hered data is then stored in the memory via the data 
bus 2. When data isjjekrg*secured for transmission via a wide area network, the integrity 
informationj**fored with the ciphered information. The processor 7 then retrieves the 
cipherpdmformation from the memory 3 via the data bus 2 and provides it to the second 
limitation purl 4b.- 

From Fig. 1 aAd the above description, it is evident that at least four data bus 
operations are necessai|y for each packet. Since data busses often form a bottleneck in 
system performance, the resulting system is often inefficient. Even though, all processing 
of encryption and data integrity is performed by a special processor 8, the resulting 
improvement in system performance is not substantial. 

Referring to Fig. 2, a data ciphering system according lo the invention is shown. 
The data is provided as a stream of data values in the form of bits. As shown, the bits 
arrive at a first communication port 4a and are stored in buffer memory 5. A processor 7 
determines start locations and end locations of packet fragments as the bits are placed 
within the buffer memory 5. Alternatively, this is done when bits are already within the 
buffer memory 5. Determining packet start, end, and contents are known in the art of data 
communications. 




m 20 




When ilitf beginning uf a pa^kw: is detected by the pi 
the memory is created. A cip^artng processor 13 then retrieves the file from the memory 
buffer via a second othej*lata bus. The data within the buffer memory 5 is ciphered and 
data integrity inforaMion is generated for data integrity verification. The ciphered data is 
then stored. When data is being secured for transmission via a wide area network, the 
imegri^fiformation is stored with the ciphered information. The processor 7 then 
rt ^y ilwfrft t h e niph rrni inf oi ii infifl l i m i l j i n i uili , 1 1 m lli i m mul coni Jin iii i i fttinn port 4^ 



Chsdily, piue e sc i ng o f a p mka iicjuiiis ut leuat two data bmi operati o ns, half of 
the prior art implementation. Thus/ using a system as described herein, performance is 
improved substantially. Also, since the ciphering processor operates independent of the 
processor 7 and of the data busiz, it is possible to clock the ciphering processor 13 
independent of the other processor. Therefore, when ciphering operations prove to be a 
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ering processor is used. Alternatively, when the processor 7 is the 
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^he me mory hnffrr i in prrfppfAy fount J uf dual poUcU^axiJum accosi mcmo*^ 
Of course, when reduced performance is acceptable, a random access memory arbitration 
circuit (not shown) is usecprfarbitrate access to the random access memory making it 
function similarly tojkml ported memory. In essence, either the ciphering processor 13 or 
the processor Tjtfe switched to drive the memory circuitry. By using true dual ported 
random ace€ss memory, both the processor 7 and the ciphering processor 13 can access 
the memory 5 simultaneously. This effectively eliminates operations of one processor 




Irtfht 




they are now 



two on the data bus and two on a second other data bus. This is 



described above- 
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Tht iiupleu'jciiLdtion uf cipher Ingtfnd data Integrity operations in paiallel 

improves system performance. Pndr art systems perform one operation and then the 
other, implementation of thg>two operations in parallel requires some set up operations 
and a final operation^erfthe data integrity processing. That said, it reduces two sequential 
operations topufc operation equal to the greater of the two. The improved efficiency 
alio ws Jpfa ciphering processor 1 3 having reduced performance and yet capable of 
20 acj>fe vlh% u sami ov erall data thr o ughpu t . ■ 

Referring to Fig. 3, a block diagram of the ciphering processor 13 is shown. The 
ciphering processor 13 is implemented within programmable logic of a field 
programmable gate array (FPGA). The FPGA is in communication with the dual ported 
random access memory 5 and with a command FIFO 15. The ciphering processor 13 
25 comprises four main blocks. The 3-DES core is a ciphering block for performing 
encryption and decryption of data according to the DES standard. Of course, other 
methods of data obfuscation may be implemented in conjunction with the DES core. 
Alternatively, another form of encryption is used in place of DES. An SHA-1 block 
implements SHA-1 data integrity hashing and verification. The block provides a signal 
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related to the integrity of data analysed. When data integrity is verified, that data is 
acceptable and the processed packet continues normal processing, otherwise an error is 
indicated and an error handler sends appropriate signals for indicating the communication 
error. An MD5 block performs data integrity hashing and verification according to MD5. 
5 As used herein the term data integrity hashing is equivalent to message digesting (MD). 
The DES, MD5, and SHA-1 methods are well known in the art. 

For example, the Secure Hash Algorithm (SUA), the algorithm specified in the 
Secure Hash Standard (SHS, FIPS PUB 180), was developed by NIST. SHA-1 is a 
revision to SHA that was published in 1994; the revision corrected an unpublished flaw 
1 0 in SHA. The design of SHA-1 is very similar to the MD4 family of hash functions 
developed by Rivcst. SHA-1 is also described in the ANSI X9.30 (part 2) standard. 



• 1 1 



MD2, MD4 and MD5 arc message-digest algorithms developed by Rivest. 

S> > 

ty}/^^ Thtiv it ir i Hrwr rhu imj.il. mi^ji.irfim * » f thnnn f.. n « j 1 1 1 1 1' iii j nlH within .i ^m rCfr 

ciphering processor is advantageous. Further, since the processed data is same data, the 
q 1 5 use of single integrated [processor reduces memory access operations since same data is 
used by each of Ap^rocessing portions of the ciphering processor 13. This has an added 

nrrrasing perf o rm a n c e through reduced acocn t o external muiimy- * 

> f\ \\ f Win W 'j | VI) t n in iphr rn l nrr nr riinfl t n rhf: invent i on nnri rnm iltt i n n pnrfr r t th nf 
is too large fpi<transmission via a network, the packet is fragmented. Such a packet, 
20 havinj^two fragments. In this case, the receiving end may be optimized to process paired 




By performing encryption and integrity encoding in a single pass, very high 
speeds arc supported efficiently. For example, encryption according to the LPsec standard 
is performed and integrity encoding using message digests is performed. Of course, very 
25 high speeds can be supported through other architectures. 

A hardware implementation of a gateway ciphering system is implemented within 
an ASIC or other custom circuitry. Alternatively, a commercially available processor is 
dedicated to performing the ciphering processing. This provides very high performance 
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and processor independence. In effect, the use of custom circuitry allows for increased 
efficiency in exchange for increased design and implementation costs. Alternatively, the 
hardware is implemented in programmable logic such as a field programmable gate array 
(FPGA). 

5 Advantageously, a hardware implementation as disclosed above offloads much of 

the processing requirements for packet processing from a host processor. The resulting 
system has a host processor and a ciphering processor that are relatively independent. 
Unfortunately, a level of independence achieved is generally at an expense of further 
processing ability within the ciphering processor. For example, in order to cipher a 
10 packet, it is generally required to have a security association for the packet. In order to 
determine the security association, either the ciphering processor is significantly more 
complex or the host processor is used. 
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Accordingly, an architecture is presented below for providing a balance between 
cost and performance for a ciphering system according to the invention. The host 
1 5 processor determines a security association based on a source/destination of a packet. The 
security association and the source/destination in the form of an address are stored for 
access by the ciphering processor. In this fashion, the host processor determines a 
security association for an address once instead of many times. Likewise, the ciphering 
processor is capable of ciphering many packets without further processing by the host 

* 

20 processor and with little added complexity. 
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^ v^S^ ^ c c *Ph er * n S oystMn i ^ i he form of in A STC or an FPGA imludu meuna to look 
Sup the security association^iKermined by the host processor. The security association is, 
for example, a the cornrat in which a packet is to be ciphered including keys and 
ciphering algorithprfs The host processor includes means for determining a security 
25 association aprfior storing the determined security association in a location accessible by 
the ciphering processor. For example, the security association is stored in the dual ported 
RAN# / Alternatively, the security association is stored in memory within the ciphering 
f rocess er . ' 
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determined and a security context associated with the packet address isjaesffed when 
present. The located security context is then used to ciphepfeer^acket. Alternatively, 
when the security context is not present, asigjiaHS^rovided to the host processor which 
then determines and stores a^epifrty^ontext for the packet. Such a method shifts much 
of the packet proegsstrtgrequircments from the host processor to the ciphering processor 

nri covt pfffTt ivc manner. 



Accordingly, the host processor performs key negotiation and setup. It also stores 

data within a table, which the ciphering processor later references. The ciphering 

1 0 processor then processes all subsequent packets in that security context without 

burdening the host processor. Further, since the ciphering processor need only perform a 

lookup for each packet, the complexity of the hardware and per-packet overhead are both 
small. 

Numerous other embodiments may be envisaged without departing from the spirit 
1 5 or scope of the invention. 
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